Can you point me to any documentation?

On Wednesday, 13 August 2014 04:52:00 UTC-5, Remco Boerma wrote:
>
> Thanks Massimo, 
>
> Well, with CORS it depends. I used these to get CORS working with at IE11 
> and Chrome (latest)
>
>     response.headers['Access-Control-Allow-Origin'] 
>     response.headers['Access-Control-Allow-Methods'] 
>     response.headers['Access-Control-Allow-Headers'] 
>
> Maybe something more dynamic like 
>     auth.cas_allowed_headers_on_redirect = ['Acces-Co...',...]
>
> though it would require more tuning and more work and less out of the box 
> functionality. 
>
> For what i have seen it needs these headers on every contact with the 
> requesting browser, since the entire process is done using ajax that means 
> all redirects would probably apply. And if not, probably you'll want to 
> setup a structure to allow CORS on those redirects anyway. 
> If you really need to know which redirects are used in my situation (i 
> don't use the form based authentication obviously, so that might save me a 
> few redirects) i can debug the lot and see what i can come up with. 
>
> With kind regards. 
>
> Op woensdag 13 augustus 2014 07:29:43 UTC+2 schreef Massimo Di Pierro:
>>
>> Looking into this but I need your help. We cannot preserve all the 
>> headers because some of them may contain sensitive information that should 
>> not be sent cross domain (for example session cookies). So the question is, 
>> which headers should be preserved by which redirects:
>>
>> There are two redirects in gluon/contrib/login_methods/cas_auth.py
>>
>> There are two redirects in gluon/tools.py in Auth allow_access.
>>
>> Do you know which ones need the headers? Which headers?
>>
>> On Tuesday, 12 August 2014 03:05:27 UTC-5, Remco Boerma wrote:
>>>
>>> Thanks Massimo, 
>>>
>>> Concerning https://code.google.com/p/web2py/issues/detail?id=1961&can=1 
>>>
>>> The CAS structure uses redirect() internally. Can you update the call in 
>>> the CAS code to send the request.headers? That's why i proposed a change on 
>>> all redirect calls. This allows the CAS to be CORS compliant if the user 
>>> provides the proper headers on the controller level 
>>>
>>> With kind regards. 
>>>
>>> Remco
>>>
>>>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to